The plugin does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Add/Edit a message and put the following payload in the Subject field: "><img src onerror=prompt(/XSS/)> The XSS will be triggered in the Messages list (/wp-admin/admin.php?page=bbpp_thankmelater)
Ankur Bakre
Ankur Bakre
Yes
2022-03-28 (about 4 months ago)
2022-03-28 (about 4 months ago)
2022-04-09 (about 4 months ago)